Man in the Middle Attacks: How Hackers Snag Credentials

How a Man in the Middle Attack Works

Imagine receiving an email that appears to be from your bank, warning you of a security breach. When you click on the link they provided to verify your account details, the link redirects you to a counterfeit website cleverly crafted by hackers to mimic your bank’s legitimate login portal. When you enter your username and password, you inadvertently hand over your credentials to cybercriminals lurking in the digital shadows, setting the stage for potential data breaches and unauthorized access to sensitive information stored within your bank account.

Even worse, these cyber attackers can go a step further by exploiting vulnerabilities in web browser security to steal MFA tokens through session hijacking or cookie theft. By intercepting the communication between your device and the online service, they can secretly capture MFA tokens stored as browser cookies, granting them temporary access to your accounts without the need for additional authentication.

The Risk of Public Wi-Fi

With the rise of remote work and reliance on public Wi-Fi networks, the risk of falling victim to man in the middle attacks is heightened. Cybercriminals can exploit unsecured Wi-Fi connections to intercept data transmissions between your device and the internet, thereby gaining access to sensitive information exchanged during online transactions or communication with trusted service providers. If you can, wait until you are on a private network to log into accounts that contain any sensitive information.

How to Protect Yourself

Protecting yourself against man in the middle attacks requires heightened vigilance and proactive cybersecurity measures. Always double-check the URLs of websites before entering login credentials or personal information, ensuring they match the legitimate domain of the service provider.

Doing a quick search of the domain is safer than clicking on a link in your message. Consider this scenario: You get an email that says your Microsoft account has been compromised and gives you a link to log in. In a panic, you click on the Microsoftt link. Did you notice the extra “T” at the end of Microsoft? Hackers bet that you won’t notice that, or a simple switch of the letters. It can be that small of a change to make the whole site malicious.

If there are suspicious links in an email or message, especially those urging immediate action or containing grammatical errors and unusual sender addresses, do not click them! The same goes for downloading suspicious attachments.

Additionally, consider using virtual private networks (VPNs) when connecting to public Wi-Fi networks to encrypt data transmissions and mitigate the risk of interception by cybercriminals.

Another defense against man in the middle attacks is the hypertext transfer protocol secure (HTTPS). HTTPS uses a secure communication channel established through public-key cryptography. This method scrambles the data that is exchanged between your device and a website, rendering it illegible even if intercepted by cybercriminals.

Always verify the presence of HTTPS, indicated by a padlock symbol and “https” in the URL bar, before entering sensitive information on a website. Some browsers offer extensions that will automatically enforce HTTPS connections, adding another layer of security.

Lastly, while a man in the middle attack may be able to get around your MFA, using an authenticator app on your phone or computer is more secure. Normally with MFA, you receive an unencrypted text or email with a code. An authenticator app doesn’t send a text, instead, you log into your app and it will generate a code for you. That code changes every 30 to 60 seconds depending on the app. When you download an authenticator app on your phone or even your computer, make sure it is from a trusted source.

If you notice strange activity on your account or you receive a notification about a potential breach of your account the best thing to do is change your password. Every password needs to be unique. You don’t want to give the hackers your Microsoft password which also happens to be your bank account’s password. Remembering all those unique passwords is impossible, which is why we recommend using a password management tool.

Try the SLAM Method

In cybersecurity, verifying the authenticity of emails is paramount in safeguarding against phishing attacks and fraudulent schemes.

One effective method is the SLAM approach, which stands for stop, look, analyze and manage. This method emphasizes a systematic process for evaluating incoming emails before taking any action.

First, users are advised to “stop” and resist the impulse to immediately respond or click on links within suspicious emails.

Next, they should “look” closely at the sender’s email address, checking for any irregularities or discrepancies that may indicate a phishing attempt.

It’s crucial to then “analyze” the content of the email, scrutinizing for any urgency, requests for personal information or suspicious attachments.

Finally, the recipient should “manage” the email in an appropriate way; either deleting it or reporting it to the organization’s cybersecurity team.

Cybersecurity Doesn’t Have to Be Tricky

While man in the middle attacks sound scary, with the right security measures in place and a trusted cybersecurity partner; they don’t have to be. Remember the SLAM method if you are unsure if an email is phishing or not and when in doubt, change your password. If you need a cybersecurity partner, book a meeting with one of our experts, or take a look at our cybersecurity awareness training services.

OrlanTech

OrlanTech is a managed service provider (MSP) that was founded in 1995 and is now the market leader in delivering technology-as-a-service to small and medium size businesses (SMB) in the central Florida area.